<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<h2> sslcaudit包装说明</h2><p style="text-align: justify;"> sslcaudit项目的目标是开发一个工具来测试SSL / TLS客户端自动进行对MITM攻击性。这可能是用于测试胖客户端，移动应用，家电，几乎任何SSL通信的有益/ TLS通过TCP。 </p><p>资料来源：http://www.gremwell.com/sites/default/files/sslcaudit/doc/sslcaudit-user-guide-1.0.pdf <br> <a href="http://www.gremwell.com/sslcaudit_v1_0" variation="deepblue" target="blank">sslcaudit首页</a> | <a href="http://git.kali.org/gitweb/?p=packages/sslcaudit.git;a=summary" variation="deepblue" target="blank">卡利sslcaudit回购</a> </p><ul><li>作者：Gremwell </li><li>许可：GPLv3的</li></ul><h3>包含在sslcaudit包工具</h3><h5> sslcaudit - 测试SSL / TLS客户易患MITM攻击</h5><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="5624393922163d373a3f">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# sslcaudit -h<br>
Usage: sslcaudit [OPTIONS]<br>
<br>
Options:<br>
  --version             show program's version number and exit<br>
  -h, --help            show this help message and exit<br>
  -l LISTEN_ON          Specify IP address and TCP PORT to listen on, in<br>
                        format of HOST:PORT. Default is 0.0.0.0:8443<br>
  -m MODULES            Launch specific modules. For now the only functional<br>
                        module is 'sslcert'. There is also 'dummy' module used<br>
                        for internal testing or as a template code for new<br>
                        modules. Default is sslcert<br>
  -v VERBOSE            Increase verbosity level. Default is 0. Try 1.<br>
  -d DEBUG_LEVEL        Set debug level. Default is 0, which disables<br>
                        debugging output. Try 1 to enable it.<br>
  -c NCLIENTS           Number of clients to handle before quitting. By<br>
                        default sslcaudit will quit as soon as it gets one<br>
                        client fully processed.<br>
  -N TEST_NAME          Set the name of the test. If specified will appear in<br>
                        the leftmost column in the output.<br>
  -T SELF_TEST          Launch self-test. 0 - plain TCP client, 1 - CN<br>
                        verifying client, 2 - curl.<br>
  --user-cn=USER_CN     Set user-specified CN.<br>
  --server=SERVER       Where to fetch the server certificate from, in<br>
                        HOST:PORT format.<br>
  --user-cert=USER_CERT_FILE<br>
                        Set path to file containing the user-supplied<br>
                        certificate.<br>
  --user-key=USER_KEY_FILE<br>
                        Set path to file containing the user-supplied key.<br>
  --user-ca-cert=USER_CA_CERT_FILE<br>
                        Set path to file containing certificate for user-<br>
                        supplied CA.<br>
  --user-ca-key=USER_CA_KEY_FILE<br>
                        Set path to file containing key for user-supplied CA.<br>
  --no-default-cn       Do not use default CN<br>
  --no-self-signed      Don't try self-signed certificates<br>
  --no-user-cert-signed<br>
                        Do not sign server certificates with user-supplied one</code><h3> sslcaudit用法示例</h3><p>监听443端口<b><i>（-L 0.0.0.0:443）</i></b>在详细模式<b><i>（-v 1）：</i></b> </p><code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="74061b1b00341f15181d">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# sslcaudit -l 0.0.0.0:443 -v 1<br>
# filebag location: sslcaudit.1<br>
127.0.0.1:38978  selfsigned(www.example.com)                                  tlsv1 alert unknown ca</code><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
